Search in sources :

Example 1 with LdapAttribute

use of org.ldaptive.LdapAttribute in project cas by apereo.

the class Beans method newLdaptiveBlockingConnectionPool.

/**
     * New blocking connection pool connection pool.
     *
     * @param l the l
     * @return the connection pool
     */
public static ConnectionPool newLdaptiveBlockingConnectionPool(final AbstractLdapProperties l) {
    final DefaultConnectionFactory bindCf = newLdaptiveConnectionFactory(l);
    final PoolConfig pc = newLdaptivePoolConfig(l);
    final BlockingConnectionPool cp = new BlockingConnectionPool(pc, bindCf);
    cp.setBlockWaitTime(newDuration(l.getBlockWaitTime()));
    cp.setPoolConfig(pc);
    final IdlePruneStrategy strategy = new IdlePruneStrategy();
    strategy.setIdleTime(newDuration(l.getIdleTime()));
    strategy.setPrunePeriod(newDuration(l.getPrunePeriod()));
    cp.setPruneStrategy(strategy);
    switch(l.getValidator().getType().trim().toLowerCase()) {
        case "compare":
            final CompareRequest compareRequest = new CompareRequest();
            compareRequest.setDn(l.getValidator().getDn());
            compareRequest.setAttribute(new LdapAttribute(l.getValidator().getAttributeName(), l.getValidator().getAttributeValues().toArray(new String[] {})));
            compareRequest.setReferralHandler(new SearchReferralHandler());
            cp.setValidator(new CompareValidator(compareRequest));
            break;
        case "none":
            LOGGER.debug("No validator is configured for the LDAP connection pool of [{}]", l.getLdapUrl());
            break;
        case "search":
        default:
            final SearchRequest searchRequest = new SearchRequest();
            searchRequest.setBaseDn(l.getValidator().getBaseDn());
            searchRequest.setSearchFilter(new SearchFilter(l.getValidator().getSearchFilter()));
            searchRequest.setReturnAttributes(ReturnAttributes.NONE.value());
            searchRequest.setSearchScope(l.getValidator().getScope());
            searchRequest.setSizeLimit(1L);
            searchRequest.setReferralHandler(new SearchReferralHandler());
            cp.setValidator(new SearchValidator(searchRequest));
            break;
    }
    cp.setFailFastInitialize(l.isFailFast());
    if (StringUtils.isNotBlank(l.getPoolPassivator())) {
        final AbstractLdapProperties.LdapConnectionPoolPassivator pass = AbstractLdapProperties.LdapConnectionPoolPassivator.valueOf(l.getPoolPassivator().toUpperCase());
        switch(pass) {
            case CLOSE:
                cp.setPassivator(new ClosePassivator());
                break;
            case BIND:
                final BindRequest bindRequest = new BindRequest();
                bindRequest.setDn(l.getBindDn());
                bindRequest.setCredential(new Credential(l.getBindCredential()));
                cp.setPassivator(new BindPassivator(bindRequest));
                break;
            default:
                break;
        }
    }
    LOGGER.debug("Initializing ldap connection pool for [{}] and bindDn [{}]", l.getLdapUrl(), l.getBindDn());
    cp.initialize();
    return cp;
}
Also used : DefaultConnectionFactory(org.ldaptive.DefaultConnectionFactory) IdlePruneStrategy(org.ldaptive.pool.IdlePruneStrategy) SearchRequest(org.ldaptive.SearchRequest) MongoCredential(com.mongodb.MongoCredential) Credential(org.ldaptive.Credential) ClosePassivator(org.ldaptive.pool.ClosePassivator) BindRequest(org.ldaptive.BindRequest) BlockingConnectionPool(org.ldaptive.pool.BlockingConnectionPool) SearchFilter(org.ldaptive.SearchFilter) AbstractLdapProperties(org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties) CompareRequest(org.ldaptive.CompareRequest) SearchValidator(org.ldaptive.pool.SearchValidator) CompareValidator(org.ldaptive.pool.CompareValidator) BindPassivator(org.ldaptive.pool.BindPassivator) LdapAttribute(org.ldaptive.LdapAttribute) PoolConfig(org.ldaptive.pool.PoolConfig) SearchReferralHandler(org.ldaptive.referral.SearchReferralHandler)

Example 2 with LdapAttribute

use of org.ldaptive.LdapAttribute in project cas by apereo.

the class DefaultAccountStateHandler method handlePolicyAttributes.

/**
     * Maps boolean attribute values to their corresponding exception.
     * This handles ad-hoc password policies.
     *
     * @param response the authentication response.
     */
protected void handlePolicyAttributes(final AuthenticationResponse response) {
    final Collection<LdapAttribute> attrs = response.getLdapEntry().getAttributes();
    for (final LdapAttribute attr : attrs) {
        if (this.attributesToErrorMap.containsKey(attr.getName()) && Boolean.parseBoolean(attr.getStringValue())) {
            final Class<LoginException> clazz = this.attributesToErrorMap.get(attr.getName());
            final LoginException ex = (LoginException) ClassUtils.newInstance(clazz);
            if (ex != null) {
                throw Throwables.propagate(ex);
            }
        }
    }
}
Also used : LdapAttribute(org.ldaptive.LdapAttribute) LoginException(javax.security.auth.login.LoginException) FailedLoginException(javax.security.auth.login.FailedLoginException)

Example 3 with LdapAttribute

use of org.ldaptive.LdapAttribute in project cas by apereo.

the class LdapUserAttributesToRolesAuthorizationGenerator method generateAuthorizationForLdapEntry.

@Override
protected CommonProfile generateAuthorizationForLdapEntry(final CommonProfile profile, final LdapEntry userEntry) {
    if (userEntry.getAttributes().isEmpty()) {
        throw new IllegalStateException("No attributes are retrieved for this user.");
    }
    final LdapAttribute attribute = userEntry.getAttribute(this.roleAttribute);
    if (attribute == null) {
        throw new IllegalStateException("Configured role attribute cannot be found for this user");
    }
    addProfileRoles(userEntry, profile, attribute, this.rolePrefix);
    return profile;
}
Also used : LdapAttribute(org.ldaptive.LdapAttribute)

Example 4 with LdapAttribute

use of org.ldaptive.LdapAttribute in project cas by apereo.

the class LdapUserGraphicalAuthenticationRepository method getGraphics.

@Override
public ByteSource getGraphics(final String username) {
    try {
        final GraphicalUserAuthenticationProperties gua = casProperties.getAuthn().getGua();
        final Response<SearchResult> response = searchForId(username);
        if (LdapUtils.containsResultEntry(response)) {
            final LdapEntry entry = response.getResult().getEntry();
            final LdapAttribute attribute = entry.getAttribute(gua.getLdap().getImageAttribute());
            if (attribute != null && attribute.isBinary()) {
                return ByteSource.wrap(attribute.getBinaryValue());
            }
        }
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
    }
    return ByteSource.empty();
}
Also used : LdapAttribute(org.ldaptive.LdapAttribute) SearchResult(org.ldaptive.SearchResult) LdapEntry(org.ldaptive.LdapEntry) GraphicalUserAuthenticationProperties(org.apereo.cas.configuration.model.support.gua.GraphicalUserAuthenticationProperties) LdapException(org.ldaptive.LdapException)

Example 5 with LdapAttribute

use of org.ldaptive.LdapAttribute in project cas by apereo.

the class AbstractX509LdapTests method populateCertificateRevocationListAttribute.

/**
     * Populate certificate revocation list attribute.
     * Dynamically set the attribute value to the crl content.
     * Encode it as base64 first. Doing this in the code rather
     * than in the ldif file to ensure the attribute can be populated
     * without dependencies on the classpath and or filesystem.
     * @throws Exception the exception
     */
private static void populateCertificateRevocationListAttribute() throws Exception {
    final Collection<LdapEntry> col = getDirectory().getLdapEntries();
    for (final LdapEntry ldapEntry : col) {
        if (ldapEntry.getDn().equals(DN)) {
            final LdapAttribute attr = new LdapAttribute(true);
            byte[] value = new byte[1024];
            IOUtils.read(new ClassPathResource("userCA-valid.crl").getInputStream(), value);
            value = EncodingUtils.encodeBase64ToByteArray(value);
            attr.setName("certificateRevocationList");
            attr.addBinaryValue(value);
            LdapTestUtils.modifyLdapEntry(getDirectory().getConnection(), ldapEntry, attr);
        }
    }
}
Also used : LdapAttribute(org.ldaptive.LdapAttribute) LdapEntry(org.ldaptive.LdapEntry) ClassPathResource(org.springframework.core.io.ClassPathResource)

Aggregations

LdapAttribute (org.ldaptive.LdapAttribute)27 LdapEntry (org.ldaptive.LdapEntry)18 SearchResult (org.ldaptive.SearchResult)11 SearchFilter (org.ldaptive.SearchFilter)7 ArrayList (java.util.ArrayList)6 ConnectionFactory (org.ldaptive.ConnectionFactory)5 LinkedHashMap (java.util.LinkedHashMap)4 PasswordManagementProperties (org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties)4 MessageDescriptor (org.apereo.cas.authentication.MessageDescriptor)3 AbstractLdapProperties (org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties)3 Test (org.junit.Test)3 BindRequest (org.ldaptive.BindRequest)3 CompareRequest (org.ldaptive.CompareRequest)3 LdapException (org.ldaptive.LdapException)3 URI (java.net.URI)2 URL (java.net.URL)2 StandardCharsets (java.nio.charset.StandardCharsets)2 Arrays (java.util.Arrays)2 HashSet (java.util.HashSet)2 List (java.util.List)2